<?php

/*----------------------------------------------+
|  MaxForum					|
|  ===========================================	|
|  By Majd Almontaser				|
|  Released under the License GNU v3.0		|
|  http://www.Max4Dev.com			|
|  ===========================================	|
|  Ttmtt Team - http://www.liioiil.com		|
+-----------------------------------------------*/

header('Cache-Control: no-cache');
header('Pragma: nocache');

$rating_unitwidth = 25;

//getting the values
$vote_sent	= (int) $_GET['j'];
$units		= 5;
$image_id	= (int) $_GET['q'];

if ($vote_sent > $units) die('Sorry, vote appears to be invalid.'); # kill the script because normal users will never see this.

#--------------------------------
# Gather required files
#--------------------------------

	define('MAX_ON', true);

	include '../../../config.php';
	include '../../../../libs/php/functions.php';

#--------------------------------
# Work some things out...
#--------------------------------

	#-------------------------------
	# Get current rating
	#-------------------------------
	
		$query = mysql_query('SELECT total_votes, total_value, users FROM ' . $db_prefix . 'gallery_images_ratings WHERE image = ' . $image_id . ' LIMIT 1');
		
		$row = mysql_fetch_assoc($query);
		
			$total_votes	= $row['total_votes'];
			$total_value	= $row['total_value'];
			$users			= explode(',', $row['users']);
	
	#-------------------------------
	# Get their id
	#-------------------------------
	
		$loggedIn = false;
	
		# Check their logged in, and that their vote is in range
		if (isset($_COOKIE['max_name'], $_COOKIE['max_password']) && $vote_sent > 0 && $vote_sent <= $units)
		{
			$uName = escape_string($_COOKIE['max_name']);
			$uPass = escape_string($_COOKIE['max_password']);
	
			$query	= mysql_query('SELECT id, time_offset, board_lang FROM ' . $db_prefix . 'members WHERE name = "' . $uName . '" AND password = "' . $uPass . '" LIMIT 1') or die (mysql_error());
			
			$row	= mysql_fetch_assoc($query);
			
			if (!empty($row))
			{
				$loggedIn	= true;
				$uId		= $row['id'];
				
				#-------------------------------------------------
				# Check whether they've already voted
				# and if not, add their vote
				#-------------------------------------------------
				
					if (!in_array($uId, $users))
					{
						++$total_votes;
						$total_value	+= $vote_sent;
						$users[]		= $uId;
						$users			= implode(',', $users);
						
						mysql_query('UPDATE ' . $db_prefix . 'gallery_images_ratings SET total_votes = ' . $total_votes . ', total_value = ' . $total_value . ', users = "' . $users . '" WHERE image = ' . $image_id . ' LIMIT 1');
					}
			}
		}

// $new_back is what gets 'drawn' on your page after a successful 'AJAX/Javascript' vote

$new_back = '';

$new_back .= '<ul class="unit-rating unit-rating2" style="width:' . $units * $rating_unitwidth . 'px;">';
$new_back .= '<li class="current-rating" style="width:' . number_format($total_value / $total_votes, 2) * $rating_unitwidth . 'px;">Current rating.</li>';
$new_back .= '<li class="r1-unit">1</li>';
$new_back .= '<li class="r2-unit">2</li>';
$new_back .= '<li class="r3-unit">3</li>';
$new_back .= '<li class="r4-unit">4</li>';
$new_back .= '<li class="r5-unit">5</li>';
$new_back .= '<li class="r6-unit">6</li>';
$new_back .= '<li class="r7-unit">7</li>';
$new_back .= '<li class="r8-unit">8</li>';
$new_back .= '<li class="r9-unit">9</li>';
$new_back .= '<li class="r10-unit">10</li>';
$new_back .= '</ul>';
$new_back .= '<p class="voted">' . sprintf('%u vote(s) cast.', $total_votes) . '</p>';
$new_back .= '</p>';

$allnewback = $new_back;

// ========================

//name of the div id to be updated | the html that needs to be changed
$output = 'rater_div|' . $allnewback;
echo $output;
?>
